Barnes & Noble cyberattack exposed customers’ personal information


From CNN:

A day after Barnes & Noble solved its Nook outage, the bookstore revealed a far more serious problem: A massive cybersecurity attack breached the company’s data, exposing information about customers, including email addresses and other personal information. On Monday, Barnes & Noble sent customers an email to notify them about the cyberattack. The company made clear that customers’ financial information had not been exposed. Their transaction history, however, was potentially exposed. The company said “transaction history, meaning purchase information related to the books and other products that you have bought from us” were retained in the systems that were impacted by the cybersecurity attack.

Customers’ email addresses were also potentially leaked in the cybersecurity attack, according to the company.
“It is possible that your email address was exposed and, as a result, you may receive unsolicited emails,” Barnes & Noble said.
While the bookstore chain doesn’t know if other personal information was exposed during the attack, Barnes & Noble acknowledged that customers’ billing and shipping addresses as well as their phone numbers stored in the systems were included in the attack.
Although not worth much to hackers on their own, personally identifying data like addresses, phone numbers, names and email addresses are valuable on the black market. It can be combined with other information, including credit card information and Social Security numbers, to create full profiles of people. Hackers can use that information to steal people’s identities and money.

Link to the rest at CNN

PG notes that the drip-drip-drip method of revealing information after a company disaster is something many public relations professionals regard as a classic example of the wrong way for a company to handle such an event.

The recommended strategy is to tell everything you know right away, upfront and to be very transparent about what you are doing to resolve the problem and protect your customers from harm. Quite often, a consumer-facing company will offer a credit-protection program at no cost to its customers.

As mentioned before, you can send any other information you think might be of interest to TPV visitors via the Contact link.

PG is particularly interested in hearing about any indications of intelligent life inside Barnes & Noble’s management ranks.

3 thoughts on “Barnes & Noble cyberattack exposed customers’ personal information”

  1. This isn’t gonna help Nook sales going into the Holiday season. Indeed, protestations aside, are shoppers even going to want to visit a B&N and present a credit card?

  2. <sarcasm> But doesn’t rejecting the drip-drip-drip method of responding to a disaster (whether it’s an information breach or anything else) simultaneously imply knowledge, competence, actual concern for organizational reputation, and an absence of CYA? Who are we dealing with again? </sarcasm>

    This shark, before becoming a shark, was an inferior officer of the United States, sworn to protect and defend the Constitution of the United States against all enemies, foreign and domestic. He saw far, far too many instances even among his superiors, peers, and subordinates — who for all their faults, as a group knew more, were more competent, cared more about the organization’s reputation, and were less prone to CYA than any MBA, real-property developer, hedge-fund manager, or trust-fund beneficiary on the planet — to believe those four impossible things before breakfast. Or caffeine. Or darned near any other time.

    The fundamental problem here (and it’s one that’s really obvious as soon as you review the history of who have been the major investors and controllers of B&N from time to time since the 1970s) is that B&N is not now, and hasn’t been for at least four decades, a “bookstore.” It is now (and has been) a real-property-development play, and the bookstore has been the magician’s assistant, distracting attention from the nature of the enterprise.* I’ve seen little sign of either “knowledge” or “competence” at any aspect of even those, let alone from the assistant (who is, instead of the typical spangly outfit used by competent magicians, attired in mothridden second-hand castoffs from Value Village, because that’s less expensive).

    * So was Borders once K-mart bought it in the 1990s. Indeed, so was K-mart — just look at the 10-K from, say, 1996. Amazon’s magician’s assistant is a different one, performing the same function, but that function is less orthogonal to the assistant. Meaning that the assistant has to be much more competent and much more eye-catching to work…
